VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-jq5s-hzam-zfda

Essentials
Severities (22)
References (15)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-jq5s-hzam-zfda
Aliases	CVE-2024-4741
Summary	openssl: Use After Free with SSL_free_buffers
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	5.6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4741.json
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2024-4741
epss	0.00359	https://api.first.org/data/v1/epss?cve=CVE-2024-4741
epss	0.00359	https://api.first.org/data/v1/epss?cve=CVE-2024-4741
epss	0.00359	https://api.first.org/data/v1/epss?cve=CVE-2024-4741
epss	0.00359	https://api.first.org/data/v1/epss?cve=CVE-2024-4741
epss	0.00359	https://api.first.org/data/v1/epss?cve=CVE-2024-4741
epss	0.00359	https://api.first.org/data/v1/epss?cve=CVE-2024-4741
epss	0.00359	https://api.first.org/data/v1/epss?cve=CVE-2024-4741
cvssv3.1	8.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177
ssvc	Track	https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177
cvssv3.1	7.5	https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d
ssvc	Track	https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d
cvssv3.1	7.5	https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac
ssvc	Track	https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac
cvssv3.1	7.5	https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8
ssvc	Track	https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8
cvssv3.1	7.5	https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4
ssvc	Track	https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4
cvssv3.1	7.5	https://www.openssl.org/news/secadv/20240528.txt
ssvc	Track	https://www.openssl.org/news/secadv/20240528.txt

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4741.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-4741
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4741
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1072113		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072113
20240528.txt		https://www.openssl.org/news/secadv/20240528.txt
2283757		https://bugzilla.redhat.com/show_bug.cgi?id=2283757
704f725b96aa373ee45ecfb23f6abfe8be8d9177		https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177
b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d		https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d
c88c3de51020c37e8706bf7a682a162593053aac		https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac
e5093133c35ca82874ad83697af76f4b0f7e3bd8		https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8
f7a045f3143fc6da2ee66bf52d8df04829590dd4		https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4
RHSA-2024:9333		https://access.redhat.com/errata/RHSA-2024:9333
USN-6937-1		https://usn.ubuntu.com/6937-1/
USN-7894-1		https://usn.ubuntu.com/7894-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4741.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/ Found at https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/ Found at https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/ Found at https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/ Found at https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/ Found at https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openssl.org/news/secadv/20240528.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:45:07Z/ Found at https://www.openssl.org/news/secadv/20240528.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.49905
EPSS Score	0.00264
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:47:07.514316+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4741.json	38.0.0